Experts urge federal efforts on cybersecurity

Cybersecurity experts from industry and academia today told a House subcommittee that the government's involvement in cybersecurity research, development and education programs needs to be expanded and improved.

Cybersecurity experts told members of the House Science and Technology Committee’s Research and Science Education Subcommittee that government-funded cybersecurity research and development programs and interaction with the private sector on those projects should be enhanced. They also said formal and public cybersecurity education programs should be bolstered.

President Barck Obama said May 29 that his administration's new plan for cybersecurity would “begin a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital workforce for the 21st century.” Meanwhile, last month the House also passed legislation designed to expand research and development efforts in high-performance computing.

Seymour Goodman, a professor of international affairs and computing at the Georgia Institute of Technology, said people who use information technology are now responsible for much of cyber defense. However, Goodman said the public is increasingly incapable of defending itself from more ever-more capable cyberattackers. Goodman also said he fears that the proliferation of mobile devices such as cell phones pose new security threats that could result in "a coming tsunami of insecurity.”

“An effort must be made to get those people who are in the best position to mitigate risk to do so, and I think what should be done -- and it’s been done in other areas -- industry and government need to get together and they need to get together under some perhaps formal forum or other kind of an institutional mechanism with the mandate that they come up with greater security in cyberspace,” Goodman said. “It’s as simple as that.”

Liesyl Franz, vice president for information security and global public policy at TechAmerica, said a more formal mechanism for industry and government to collaborate on research and development is needed.

Anita D’Amico, director of the Secure Decisions division of the visual software solutions company Applied Visions, said the private sector has very little input in the federal research portfolio and that should change.

D’Amico also said a big problem is that few results of federally funded research and development programs ever become products and more funding is needed to transition that research. She also said more attention needs to be paid to understanding how people use technology. “Cybersecurity education is not just for security wonks,” D’Amico said. “We need to broaden the base of those we teach and involve the social sciences in the education of this larger audience.”

Meanwhile, Fred Schneider, a computer science professor at Cornell University, said a broad spectrum of education programs needs to be used to improve cybersecurity.

“We’re not going to solve this problem only with Ph.D.s or only with bachelor's [degree] graduates," Schneider said. "There are jobs that are suitable for somebody educated at the level of a community college."